nodejs / help


Need help encrypting a message using a key pair #4211

Closed prettydiff closed 12 months ago

prettydiff commented 1 year ago

Details

I can successfully generate key pairs using (TypeScript):

```typescript
import * as crypto from "node:crypto";
import type { ED448KeyPairOptions } from "node:crypto";

// "let" rather than "const": both values are assigned inside the callback
let privateKey:string = "",
  publicKey:string = "";
const callback = function (keyError:NodeJS.ErrnoException, keyPublic:Buffer, keyPrivate:Buffer) {
      if (keyError === null) {
          privateKey = keyPrivate.toString();
          publicKey = keyPublic.toString();

          // this is the call that throws the error quoted below
          crypto.privateEncrypt({
              encoding: "utf8",
              format: "pem",
              key: privateKey,
              passphrase: "a real big hash",
              type: "pkcs8"
          }, Buffer.from("some text"));
      } else {
          console.log(keyError);
      }
  },
  options:ED448KeyPairOptions = {
      privateKeyEncoding: {
          cipher: "aes-128-cbc",
          format: "pem",
          passphrase: "a real big hash",
          type: "pkcs8"
      },
      publicKeyEncoding: {
          format: "pem",
          type: "spki"
      }
  };
crypto.generateKeyPair("ed448", options, callback);
```

The code that errors is the privateEncrypt function. The error:

error:03000096:digital envelope routines::operation not support for this keytype

Here are some combinations of things I have tried:

I am not sure why this refuses to work. Could the problem be the use of ed448?

Node.js version

20.5.0

Example code

No response

Operating system

Windows 10

Scope

Runtime

Module and version

Not applicable.

prettydiff commented 1 year ago

When instead trying generateKeyPair with type "ec" and named curve sect571k1, the privateEncrypt function generates the error:

error:00000000:lib(0)::reason(0)

https://github.com/prettydiff/share-file-systems/commit/80851d7cf0ba8520f184d1a1325a9febaaf0e72a Shows the actual project code with the commit converting from "ed448" to type "ec".

prettydiff commented 1 year ago

I am going to drop asymmetric key exchange and instead try to solve this problem using a shared secret, probably in the form of HMAC.

tniessen commented 12 months ago

@prettydiff Neither Ed448 nor X448 support encryption. You can use X448 to exchange keys between multiple parties, and you can use Ed448 to digitally sign messages. Neither algorithm is meant for encrypting messages.
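
The division of labour described in the reply above, as an added example that is not part of the thread or of the linked project: X448 agrees on a shared secret, Ed448 signs, and a symmetric cipher does the actual encryption. HKDF-SHA512, AES-256-GCM, the function names, the HKDF info label and the packet layout are all assumptions chosen for this sketch.

```javascript
// Added example, not code from the thread. Function names, the HKDF info
// label and the nonce|ciphertext|tag layout are hypothetical.
const { generateKeyPairSync, diffieHellman, hkdfSync, sign, verify,
        createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Each party holds two key pairs: Ed448 for signatures, X448 for key agreement.
function newIdentity() {
  return { sig: generateKeyPairSync('ed448'), kex: generateKeyPairSync('x448') };
}

// X448 yields a raw shared secret; HKDF turns it into a 32-byte AES-256-GCM key.
function sessionKey(myKexPrivate, theirKexPublic) {
  const secret = diffieHellman({ privateKey: myKexPrivate, publicKey: theirKexPublic });
  return Buffer.from(hkdfSync('sha512', secret, Buffer.alloc(0), 'example x448 aes-256-gcm', 32));
}

// Encrypt with the derived key, then sign nonce|ciphertext|tag with Ed448.
function seal(sender, recipientKexPublic, plaintext) {
  const key = sessionKey(sender.kex.privateKey, recipientKexPublic);
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const packet = Buffer.concat([nonce, body, cipher.getAuthTag()]);
  // Ed448 has no separate digest step, so the algorithm argument is null.
  return { packet, signature: sign(null, packet, sender.sig.privateKey) };
}

// Check the signature first, then decrypt; returns null on any failure.
function unseal(recipient, senderPublic, { packet, signature }) {
  if (!verify(null, packet, senderPublic.sig, signature)) return null;
  const key = sessionKey(recipient.kex.privateKey, senderPublic.kex);
  const decipher = createDecipheriv('aes-256-gcm', key, packet.subarray(0, 12),
                                    { authTagLength: 16 });
  decipher.setAuthTag(packet.subarray(packet.length - 16));
  try {
    const body = packet.subarray(12, packet.length - 16);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag mismatch
  }
}
```

Only the public halves (`sig.publicKey`, `kex.publicKey`) are exchanged between parties; both sides derive the same session key without it ever being transmitted.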